2. How to Build a Threat Detection Strategy in AWS
Instructor Introduction
3. Instructor Introduction
• Joseph Holbrook
• Consulting Blockchain Solutions Architect/Trainer/Speaker out of Jacksonville, FL
• Certified Blockchain Solutions Architect (CBSA)
• Certified Blockchain Developer Hyperledger (CBDH)
• Certified Corda Developer
• Certified Google Cloud Platform Cloud Architect and Engineer
• AWS Professional Services Partner - Premier
• Certified AWS Solutions Architect, SysOps and Security
• CompTIA SME – Cloud and Security
• Brocade Distinguished Architect (BDA) 2013
• EMC Proven Professional – Expert – Cloud (EMCCE)
• Published Course Author on Pearson Safari, Udemy, Linkedin Learning
• Author “Architecting Enterprise Blockchain Solutions” – Wiley November 2019
• Prior US Navy Veteran
4. How to Build a Threat Detection Strategy in AWS
Course Introduction
5. Course Introduction
By the end of this course you should be able to understand:
Shared Security Model
Introduction to Threat Detection
Intrusion Detection Systems, Advanced Threat Detection Systems and other security
tools that enable a proactive response to threats.
Building a Threat Reduction Strategy
Cloud Adoption Framework (CAF) Security Perspective Controls
AWS GuardDuty Monitoring (Demo)
AWS Security Specialty Certification
Course Summary
6. How to Build a Threat Detection Strategy in AWS
Did you Know?
7. Did you know?
Did You Know?
• In a recent eye-opening study, Threat Stack found that 73% of companies have
at least one critical security misconfiguration, such as remote SSH open to the
entire internet.
• Most security incidents actually occur because of credential theft
(according to the 2018 Verizon Data Breach Investigations Report), not
sophisticated zero-day attacks against cloud providers themselves.
8. Did you know?
Did You Know?
• The AWS S3 bucket name is not a secret, so there are many ways for
an attacker to figure it out. Once the attacker figures it out, they can steal your data
and expose it to unintended viewers.
• VPC Flow log entries can be scanned to detect both specific and anomalous
attack patterns.
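Added example (not part of the original slides): a minimal Python scan of VPC Flow Log records in the default version 2 format, checking one specific pattern (accepted SSH from outside RFC 1918 space) and one anomalous pattern (a source rejected on many distinct ports of one target). The sample records, the `min_ports` threshold and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Default (version 2) VPC Flow Log record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: made-up account/ENI IDs, documentation addresses.
SAMPLE = """\
2 111122223333 eni-0aaa 203.0.113.7 10.0.1.20 51544 22 6 14 2210 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0aaa 10.0.2.15 10.0.1.20 40022 22 6 9 1800 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0aaa 10.0.1.20 203.0.113.7 22 51544 6 12 3100 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0bbb 198.51.100.9 10.0.1.30 40001 21 6 1 40 1700000100 1700000160 REJECT OK
2 111122223333 eni-0bbb 198.51.100.9 10.0.1.30 40002 23 6 1 40 1700000100 1700000160 REJECT OK
2 111122223333 eni-0bbb 198.51.100.9 10.0.1.30 40003 3389 6 1 40 1700000100 1700000160 REJECT OK
2 111122223333 eni-0bbb 198.51.100.9 10.0.1.30 40004 5432 6 1 40 1700000100 1700000160 REJECT OK
2 111122223333 eni-0ccc - - - - - - - 1700000200 1700000260 - NODATA
"""

def parse(text):
    """Return one dict per usable record; skip NODATA/SKIPDATA and malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[-1] == "OK":
            records.append(dict(zip(FIELDS, parts)))
    return records

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def internet_ssh_accepts(records):
    """Specific pattern: accepted TCP flows to port 22 from a non-RFC 1918 source."""
    return sorted({(r["srcaddr"], r["dstaddr"]) for r in records
                   if (r["action"], r["protocol"], r["dstport"]) == ("ACCEPT", "6", "22")
                   and not is_internal(r["srcaddr"])})

def port_sweeps(records, min_ports=4):
    """Anomalous pattern: one source REJECTed on many distinct ports of one target."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return {k: sorted(v, key=int) for k, v in ports.items() if len(v) >= min_ports}

if __name__ == "__main__":
    print(internet_ssh_accepts(parse(SAMPLE)), port_sweeps(parse(SAMPLE)))
```

Matching on destination port 22 keeps the server's return traffic (source port 22) and internal-to-internal SSH out of the result, so only the inbound internet-sourced flow is reported.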
9. How to Build a Threat Detection Strategy in AWS
Shared Security Model
10. Introduction and benefits of AWS security
Shared Security Model
• Review the shared responsibility
model and know what the provider
does for security and what the
user is responsible for.
11. How to Build a Threat Detection Strategy in AWS
Introduction to Threat Detection
12. How to Build a Threat Detection Strategy in AWS
Threat Detection
• Threat detection is the process by which you find threats on your network, your
systems or your applications.
• Malware, viruses, phishing, trojans, ransomware, permission issues and
backdoors are common threats.
• APT: the enemy could be hidden for months or more.
• Focus on tactics, techniques, and procedures (TTPs).
13. How to Build a Threat Detection Strategy in AWS
Understand what the attackers are after.
• Credentials
• Financial Information
• Health Info/PII
• Corporate Secrets
• Ransom
• Revenge or even corporate image harm
14. How to Build a Threat Detection Strategy in AWS
Threat Detection Tools
• SIEMs
• IDS
• NGEN Firewalls
• Endpoints
• Cloud Brokers
• Honeypots
• Analytics
15. How to Build a Threat Detection Strategy in AWS
Intrusion Detection Systems, Advanced Threat Detection
Systems and other security tools that enable a proactive
response to threats
16. Introduction and benefits of AWS security
• SIEM – Security Hub
• Security Service (uses AI) – Macie
• Security Service (for EC2) – Inspector
• Compliance Tool – Audit Artifacts
• DDoS Protection – Shield
• Monitoring Tool – CloudWatch
• Others such as HSM, FW Manager, Cognito, etc.
22. How to Build a Threat Detection Strategy in AWS
Building a Threat Reduction Strategy
23. Introduction and benefits of AWS security
Identify threats
• Insider
• Outsider
• Kill Chain – 6 Steps
• Kill Chain – 5 Components
Diagram ISC Congress
24. How to Build a Threat Detection Strategy in AWS
Cloud Adoption Framework (CAF) Security Perspective Controls
25. Introduction and benefits of AWS security
• The AWS CAF provides a framework to help you
structure and plan your cloud adoption journey and
then build a comprehensive approach to cloud
computing throughout the IT lifecycle.
• The CAF provides seven specific areas of focus or
Perspectives: business, platform, maturity, people,
process, operations, and security.
• Security Perspective captures AWS’s experience
working with enterprise customers on their cloud
adoption journey
27. How to Build a Threat Detection Strategy in AWS
AWS GuardDuty Monitoring
28. How to Build a Threat Detection Strategy in AWS
GuardDuty
Analyzes literally billions of events to identify trends, patterns, and anomalies, and to
find behaviors that are recognizable signs that something may be wrong.
Receives input from multiple data streams:
• Several threat intelligence feeds
• Staying aware of malicious IP addresses and domains
29. How to Build a Threat Detection Strategy in AWS
GuardDuty searches customer-specified:
• Virtual Private Cloud (VPC) Flow Logs
• AWS CloudTrail
• DNS logs
You can also set a whitelist and a blacklist.
37. Introduction and benefits of AWS security
The AWS Security Specialization is focused on best practices, AWS security services
and security controls for workloads on AWS.
Exam info is here: https://aws.amazon.com/certification/certified-security-specialty/
38. How to Build a Threat Detection Strategy in AWS
Course Summary
39. How to Build a Threat Detection Strategy in AWS
Threat Detection in AWS
Putting it all together
AWS services can be used in a complementary manner to add capability.
AWS and security are complementary: the better your security planning is,
the more favorable the results you should get out of AWS services.
AWS has a robust set of security-related services.
40. How to Build a Threat Detection Strategy in AWS
Resources
AWS Security Products - https://aws.amazon.com/products/security/
Security Hub - https://aws.amazon.com/security-hub/
Landing Zone - https://aws.amazon.com/solutions/aws-landing-zone/
Fortinet - https://www.fortinet.com/products/public-cloud-security/aws.html
41. How to Build a Threat Detection Strategy in AWS
QuickStart Resources - AWS
42. How to Build a Threat Detection Strategy in AWS
Thank you and
Questions
Editor's Notes
Also share why they should care knowing this information